The ride-hailing service Uber has been fined the equivalent
of nearly $1.2 million by British and Dutch authorities for failing to protect
customers' data during a cyberattack in 2016.
Britain's Information Commissioner's Office said Tuesday it
fined the company 385,000 pounds ($491,000) and Dutch officials imposed a
600,000 euro ($679,000) fine for violating Dutch data protection laws.
British officials cited a series of "avoidable data
security flaws" that allowed personal data for roughly 2.7 million U.K.
customers to be downloaded by hackers during an incident in October and
The information commission's director of investigations,
Steve Eckersley, said Uber had shown a "complete disregard for the
customers and drivers whose personal information was stolen" after the
substantial security breach.
"At the time, no steps were taken to inform anyone
affected by the breach, or to offer help and support," he said. "That
left them vulnerable."
Dutch officials say Uber did not report the data breach to
authorities within 72 hours as required by regulations. The Dutch Data
Authority says 57 million users worldwide and 174,000 Dutch citizens were
affected by the data breach.
The U.S.-based company said in a statement that Uber is
"pleased to close this chapter on the data incident from 2016."
It said a number of technical improvements have been made to
the security system since then.
"We learn from our mistakes," the company said.
The statement also cites a number of changes to the senior management team that
have been made in the last year.